View this email in your browser

Defense in Depth

Ambulance Chasing Security Vendors

This week’s episode is co-hosted by me, David Spark, producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. We welcome our guest Angela Williams, CISO, UL. This was an interesting conversation about what vendors should and shouldn’t do during a crisis. Please jump in with your thoughts.During a cyber tragedy the very last thing a CISO has time for is a demo of your product. Frustrated with the opportunistic pitches during the Log4j fiasco, Jerich Beason, commercial CISO for Capital One posted on LinkedIn, "I can’t fight fires and build the fire station at the same time. Stop trying to sell me new hoses and trucks in the middle of a firefight!" He added, "Nobody can evaluate it in time. Nobody can procure it in time. NOBODY HAS THE TIME for a demo." A good high profile security threat seems like a good time to alert potential customers about how your product could help or even prevent a breach. It’s a solid sales tactic for any industry that is not cybersecurity.Help don’t sell during a cyber tragedy. "The idea that this is not the time to be sold is true, but I disagree that it is not a time to be helped," noted Paul Hugenberg, Rea & Associates. If you can help others with your product, go ahead and do it, said Vivian Liang of Operatix. And when the dust settles, yes, the vendor will try to sell you the product, which is fine. Great part is you get to see how it will work during a crisis.Look for any opportunity to provide value during the crisis. “Everything that saves time during the ‘hot phase’ is useful, and at the same time, everything that costs time without providing new value is direct damage," said Petr Špiřík, CISO of SUSE. Steve Zalewski (the other Defense in Depth co-host) used to say to his direct competitors in the retail space, “If you’re having a cyber incident, my team is your team.” If you don’t think you can make a direct impact, think of ways you can ease the pain, maybe with some gift cards for food and coffee, suggested Kevin Egolf of Microsoft.Use “helping in a time of need” as the new yardstick for measuring the effectiveness of security sales. To be successful, vendors need to see the world through the customers’ eyes and have empathy, said Dean Darwin of Traceable AI. Given this is going to be a horrible time to do traditional security sales, Olivia Rose of Rose CISO Group “hopes their sales management gives them a break on this month’s quota push."You can listen to this week’s episode over on our blog where you can read the full transcript. If you aren’t already subscribed to Defense in Depth on your favorite podcast app, please go ahead and do that right now.

Thanks to our podcast sponsor, Automox

Super Cyber Fridays!

Join us Friday [01-20-23], for "Hacking Automated Security"

Join us on Friday, January 20, 2023, for

"Hacking Automated Security: An hour of critical thinking of how intelligent automation can achieve more without doing more.”

It all begins at 1 PM ET/10 AM PT on Friday, January 20, 2023 with guests Brian Vecci, field CTO, Varonis and Ken Collins, sr. director, information security, Sunbelt Rentals, Inc. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, Varonis

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Shaun Marion, VP and CISO, McDonald's.

Thanks to this week's headlines sponsor, AppOmni

Cyber chatter from around the web...

Jump in on these conversations 

"I'm thinking of starting a game show..."So you think you can be a CISO"" (

More here

)

"What does it take to have a successful security program?" (

More here

)

"it is time for more #unpopularopinion: Your way is not the only way." (

More here

)

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead we have:

• [01-13-23] No show

• [01-20-23] Hacking Automated Security

• [02-03-23] Hacking People and Process

• [02-10-23] Hacking Your Security Program 

Save your spot

and register for them all now!

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.